This repository is parameter selection and lightweight wrapper around a number of (FFI wrapped) Rust cryptographic libraries. Its purpose isn't to implement primitives, rather to unify the API surface of existing libraries; limited to the tiny subset needed by the Dark Bio project.
The library is opinionated. Parameters and primitives were selected to provide matching levels of security in a post-quantum world. APIs were designed to make the library easy to use and hard to misuse. Flexibility will always be rejected in favor of safety.
- Certificates
- x509 (RFC-5280):
xDSA,xHPKE
- x509 (RFC-5280):
- Digital signatures
- Encryption
- Key derivation
- Serialization
¹ As CBOR encoding/decoding would require a full reimplementation in Dart, that is delegated to any preferred 3rd party library. To ensure correctness, this package provides a cbor.verify, which it also implicitly enforces that when crossing through cose.
The underlying implementation exists in two sibling repos, which track the same feature set and API surfaces, released at corresponding version points.
Sibling wrapper exists in one other repo:
- TypeScript
github.com/dark-bio/crypto-ts
Shoutout to Filippo Valsorda (@filosottile) for lots of tips and nudges on what kind of cryptographic primitives to use and how to combine them properly; and also for his work in general on cryptography standards.
Naturally, many thanks to the authors of all the libraries this project depends on.